CVE-2020-1739

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1739

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1739.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1739

Aliases

Downstream

ALPINE-CVE-2020-1739

DEBIAN-CVE-2020-1739

DLA-2202-1

DSA-4950-1

OESA-2021-1349

OESA-2022-1950

RHSA-2020:1541

RHSA-2020:1542

RHSA-2020:1543

RHSA-2020:1544

SUSE-SU-2020:3309-1

UBUNTU-CVE-2020-1739

USN-7330-1

openSUSE-SU-2022:0081-1

openSUSE-SU-2024:10615-1

openSUSE-SU-2024:14244-1

openSUSE-SU-2024:14536-1

Related

Published

2020-03-12T18:15:12Z

Modified

2025-10-21T05:43:46.708110Z

Severity

3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Last affected

8fd406ee8e3a14be72b3cbbfe91d03fe35952f95

Introduced

24325a05dfb9104d6d4ec8b488b89e07c2e6d376

Last affected

9388be4269bdf83406bfa9245142de8b7dc8cfbc

Introduced

2611867fd1dc387ceaa0ffb8ce0f030aafc2a859

Last affected

d28e4b63c7b70acbaf0a1fedd53c91b6686574a0

Affected versions

v2.*

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5